Automated fuel dispensing systems and semi-automated fuel dispensing systems have been devised to permit unattended or semi-unattended purchases of fuel by authorized customers of such systems. Customers using systems of this type typically include municipalities, large trucking companies, and the like. Frequently only a single customer or a small group of customers uses a given facility. In such a case, fully automatic self-service fuel dispensing systems (requiring no attendents whatsoever) have been developed. In these systems, a credit card or specially prepared document is inserted into a card reader to cause selected data from the card to be transmitted to a remote central computer for verification. In some systems the computer and verification may be locally present at the facility. If the document is verified as an authorized document, the system then permits the withdrawal of fuel under the control of the credit card. The quantity of the fuel withdrawn, the fuel identity, and usually other indicia such as driver identification, customer identification, vehicle identification, etc. are obtained from the card and processed along with the variable information for the specific transaction being completed.
Systems of this type which have been developed and which are assigned to the same assignee as the present application are disclosed in U.S. Pat. No. 4,085,313 to Bradford Van Ness, U.S. Pat. No. 4,114,140 to John Kubina, and U.S. Pat. No. 4,335,448 to Bradford Van Ness. In addition such systems may be used with a remote verification lock-out system of the type disclosed in the patent to James R. Sheldon, U.S. Pat. No. 4,296,404, and further may employ a card reader security system of the type disclosed in the patent to Weimer et al U.S. Pat. No. 4,296,315.
The system of the Sheldon et al patent permits relatively simple changes in the verification logic of the system to readily change the verification status of any particular cards used in the system from a "valid" to a "non-valid" status for various reasons. For example, if the credit card is stolen, the identity of that card must be changed in the verification logic of the system to a "non-valid" so that the card cannot be used to carry out transactions with the system. Other situations arise, such as where a customer falls behind in payments, so that it becomes necessary to prevent that customer from using the system until his account is satisfactorily brought up to date.
The systems mentioned in the foregoing patents have met with widespread acceptance for use with bulk fueling terminals, particularly for customers having relatively large fleets of vehicles requiring large quantities of fuel. Since the credit cards used in the system accurately identify each transaction and further since the amounts of fuel or other items withdrawn by use of the cards are accurately tabulated for each transaction, record keeping and billing is substantially simplified.
It may be possible, however, for unscrupulous persons who have access to a relatively small number of "credit" cards used in any given system, to determine the particular manner of encoding used on such cards and then fabricate cards which may be used to withdraw fuel from the unattended terminals. This is to be contrasted with the situation where a credit card is stolen and the driver and/or vehicle identification of that card is known so that the "non-valid" lockout feature of the system may be utilized to prevent use of that card from that point out in a system. This problem of the creation of an unauthorized card can arise where a fake driver and/or vehicle identity is created with all other aspects of the card, such as customer identificaion, fuel identification, and the like being compatible with the system. In this latter case it is possible that no "lockout" of the unauthorized card would take place. Thus it is desirable to provide some means of protecting against such unauthorized fabrication of fake cards which would work in the system.
A different system, but one in which it is desirable to make it difficult for the user of a "credit card" to alter data in an unauthorized manner is disclosed in the patent to Whitehead U.S. Pat. No. 4,253,017 issued Feb. 24, 1981. This patent is directed to an identification card comprising several laminated layers, at least one of which is capable of being magnetized with rows and columns of magnetic spots having different north/south magnetic orientations. The card itself is used in conjunction with border or customs offices for checking the validity of the card and also the ingress and egress locations and dates of use of such cards. This latter information is accomplished by means of changing the magnetization of "randomly" located spots in the card, other "randomly" located spots of which provide the user identification and other information. The pattern of the spots for each of the different portions of information data are encoded on the card in an intermixed relationship, so that it is difficult for a person to either counterfeit the card or to alter the variable data to provide a counterfeit indication of ingress or egress or the data thereof. By use of a computer at the point of use of the card, with a program identifying which of the different magnetic spot locations relate to the various items of information represented on the card, decoding of the randomly intermixed data can take place to provide the customs officer with a usable output indicia. At the same time, both counterfeiting and misuse of the card is made difficult.
Another area in which credit card control cards are used and in which security features are necessary is in conjunction with automatic cash dispensing machines commonly used by banks and popularly known as "automatic tellers". One such system for providing an additional level of security in its use is described in the patent to Black et al, U.S. Pat. No. 3,862,716 issued Jan. 28, 1975. This patent discloses an automatic teller system in which a single random number is selected for use over an extended period of time to change the account numbers which are read off of the cards by the automatic teller machines to modified count numbers which then are operated upon to provide the personal password number which the customer is supposed to key into the machine. The secrecy coding remains constant for all cards in the system until the bank adopts a different number as a single random number. The user then has to know the password number to key it into the machine in order to make it operate. Every time the password number is changed, the customer or user of the card must be notified of that change.
The patent to Yamamoto et al, U.S. Pat. No. 3,665,162 issued May 23, 1972, also discloses a bank card system using a card plus a user-entered "secret" number. To this extent the system disclosed in the Yamamoto patent is similar to the system of the Black patent. Yamamoto uses a scrambled number system, but the scrambling is in a converter rather than on the card itself.
It is desirable to provide a system which can wholly defeat or at least make it nearly impossible for anyone to produce a counterfeit card which would work with any of the systems of the foregoing types. To be most effective, such a system or technique for encoding a card should effect the encoding and the subsequent use of the card without requiring any knowledge or additional input from the card user. At the same time in the original encoding of the card also should be capable of accomplishment without any change in the procedure normally used to encode such a card in a conventional fashion. All of the scrambling or masking of data should be effected automatically without the intervention of either the user or the person originally encoding the card for its subsequent use. In addition, any security system used with the card to effect a scrambling of the data bits encoded on it should be such as to accomplish the scrambling of the information in a manner which prevents a would-be counterfeiter from determining the scrambling pattern or code from credit cards used with the system.